Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Sunday October 11 2015, @02:27AM   Printer-friendly
from the sour-grapes dept.

On Wednesday, a jury in Sacramento, California, found Matthew Keys, former social media editor at Reuters and an ex-employee of KTXL Fox 40, guilty of computer hacking under the Computer Fraud & Abuse Act.

In 2010, Keys posted login credentials to the Tribune Company content management system (CMS) to a chatroom run by Anonymous, resulting in the defacement of an LA Times article online. The defacement was reversed in 40 minutes, but the government argued the attack caused nearly a million dollars in damage.

"The government wanted to send a clear message that if you want to cover a group they don't agree with, and you're not complicit with them [the government], they will target you," Keys told me after the trial.


Original Submission

Related Stories

Matthew Keys Leaves Jail but CFAA Reform Will have to Wait 5 comments

Journalist Matthew Keys has been released from the Satellite Prison Camp Atwater, in Atwater, California, a few months early.

As Ars reported previously, Keys was accused and convicted of handing over a username and password for his former employer KTXL Fox 40's content management system (CMS) to members of Anonymous and instructing people there to "fuck some shit up." Ultimately, that December 2010 incident resulted in someone else using those credentials to alter a headline and sub-headline on a Los Angeles Times article. (Both Fox 40 and the Times are owned by the Tribune Media Company.) The changes lasted for 40 minutes before editors reversed them.

[...] While he had initially wanted to challenge the oft-maligned federal law under which he was convicted, the Computer Fraud and Abuse Act, Keys said his case was ultimately not the right one to bring such a challenge.

Keys and his legal team ultimately decided not to pursue an appeal to the Supreme Court after losing at the 9th US Circuit Court of Appeal in June 2017. Within the next few months he will begin supervised release and will be able to resume work.

From Ars Technica : Matthew Keys, now freed from prison, is ready to get back to journalism

and previously : Former Reuters Journalist Matthew Keys Found Guilty of Three Counts of Hacking [sic].


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Sunday October 11 2015, @02:46AM

    by Anonymous Coward on Sunday October 11 2015, @02:46AM (#247938)

    Why did Keys do it? He knew what Anonymous could do, they could really f*** up the site with the login credentials he gave them.

  • (Score: 0) by Anonymous Coward on Sunday October 11 2015, @02:48AM

    by Anonymous Coward on Sunday October 11 2015, @02:48AM (#247940)

    resulting in the defacement of an LA Times article online. The defacement was reversed in 40 minutes, but the government argued the attack caused nearly a million dollars in damage.

    Sounds like the LA Times' business, not the govt's.

    • (Score: 3, Interesting) by Runaway1956 on Sunday October 11 2015, @03:41AM

      by Runaway1956 (2926) Subscriber Badge on Sunday October 11 2015, @03:41AM (#247960) Journal

      Agreed. Unfortunately, like most other corporations, the LA times has influence with the government. Campaign donations, among other things, buys a lot of influence. When you have influence, government takes care of you. Suddenly, some petty offense against a corporation becomes a criminal federal offense.

      Years in prison for defacing a web page. That is at least as preposterous as million dollar penalties for sharing a couple dozen songs.

      That doesn't even take into account the outright dishonesty of the corporation. It cost a million dollars to restore the web page? Lying bastards, it most likely cost less than five thousand dollars, probably less than a thousand dollars. But again, corporations can afford accountants with good imaginations. That's how they avoid paying taxes, as well as misleading investors.

      • (Score: 0) by Anonymous Coward on Sunday October 11 2015, @04:26AM

        by Anonymous Coward on Sunday October 11 2015, @04:26AM (#247973)

        It cost a million dollars to restore the web page? Lying bastards, it most likely cost less than five thousand dollars, probably less than a thousand dollars

        It might cost half a manhour to restore a (assumed) knowngood copy, they did not know at that time WHERE they were compromised. So they had to check EVERYTHING. They probably weren't even sure whether the backup system was clean or not.
        You're probably the kind of guy that says "rape isn't that bad when she doesn't get pregnant or diseased and hey it was over in 5 minutes anyway".

        • (Score: 3, Insightful) by Runaway1956 on Sunday October 11 2015, @04:59AM

          by Runaway1956 (2926) Subscriber Badge on Sunday October 11 2015, @04:59AM (#247987) Journal

          I'm proud of my fan club, but I wish the fans would demonstrate better logic. What does the defecement of a web page have to do with rape? And, why is this fan projecting his attitudes toward rape on me? Some of my fans are embarrassing . . .

          • (Score: 2) by Phoenix666 on Sunday October 11 2015, @12:01PM

            by Phoenix666 (552) on Sunday October 11 2015, @12:01PM (#248029) Journal

            At least you have fans. So many of us don't, you insensitive clod.

            --
            Washington DC delenda est.
            • (Score: 2) by Runaway1956 on Sunday October 11 2015, @03:35PM

              by Runaway1956 (2926) Subscriber Badge on Sunday October 11 2015, @03:35PM (#248065) Journal

              But, PHOENIX! You got fans! I skim over all your submissions, and read most of them! It is you who is being insensitive! Oh, boo hoo hoo . . . I'm going to sulk and whine for awhile.

    • (Score: 3, Insightful) by captain normal on Sunday October 11 2015, @03:43AM

      by captain normal (2205) on Sunday October 11 2015, @03:43AM (#247961)

      Well that's the biggest crime in America, interfering with some big company's business.

      --
      When life isn't going right, go left.
  • (Score: 4, Insightful) by M. Baranczak on Sunday October 11 2015, @03:35AM

    by M. Baranczak (1673) on Sunday October 11 2015, @03:35AM (#247956)
    I read the whole article, and I still don't know what the fuck happened. Do they teach anything in journalism school anymore? This guy Keys apparently wrote some articles about Anonymous - what were they about? Where were they published? And why didn't it occur to anybody to link to them? When the FBI "approached" him, what exactly were they looking for? Did Keys post his own login credentials, or someone else's (if they were his, then this sure as hell isn't "hacking", but never mind that for now)? More importantly, why did he post the credentials? I'm sure he had some reason, and I'm sure the prosecution had their own theory on what his reasons were - but there's no mention of either.
    • (Score: 4, Insightful) by bradley13 on Sunday October 11 2015, @07:18AM

      by bradley13 (3053) on Sunday October 11 2015, @07:18AM (#248003) Homepage Journal

      Sadly, it's par for the course. Most journalists...aren't. I've seen several articles about this case, and none of them contained any in-depth information. In fact, this is the first I knew of him writing a series of articles about Anonymous - before, I had the impression he was just a disgruntled employee. Now, it seems likely that there is more to the story.

      There are plenty of unanswered questions. For example, why is he charged with "Transmission of Malicious Code" and also "Attempted Transmission of Malicious Code" - I mean, either he did, or he didn't. Or else there is more than just the single posting of login credentials.

      The costs are a fantasy figure, easily manipulated. Correcting the web page and changing the login credentials will have involved only a few people and (we know) about 40 minutes - cost: at most a few hundred dollars. How much additional time was spent on network analysis (i.e., figuring out how the CMS was accessed), on introducing new/different security measures, and on bosses pacing around a conference room? How much reputation damage did they suffer - and how do you calculate that? What portion of these costs do you bang onto the number? Several thousand dollars, I can see. Nearly a million - that's just the prosecutor's tactic, expecting the judge or jury to reign him in.

      What makes this ridiculous: consider the real-world equivalent. Someone in your office deliberately hands his keys to a homeless dude. Homeless dude moves into your lobby. You evict the guy. What do you do to the employee? Fire him, maybe. Expect him to pay the cleaning costs, sure. Prosecute him? For what, exactly? Just because this all happened on a computer, it suddenly involves the FBI and federal prosecution? Insane.

      --
      Everyone is somebody else's weirdo.
      • (Score: 3, Insightful) by Phoenix666 on Sunday October 11 2015, @12:04PM

        by Phoenix666 (552) on Sunday October 11 2015, @12:04PM (#248030) Journal

        I agree with your assessment, which is why I think it's not about damages but about sending a message to "hackers." Ironically it also communicates quite clearly how little the government knows about actual hackers, if they conflate giving somebody login credentials with transmitting malicious code.

        Perhaps they realize how vulnerable they are to technologists, and this is a pure fear reaction.

        --
        Washington DC delenda est.
      • (Score: 0) by Anonymous Coward on Sunday October 11 2015, @05:17PM

        by Anonymous Coward on Sunday October 11 2015, @05:17PM (#248095)

        consider the real-world equivalent. Someone in your office deliberately hands his keys to a homeless dude. Homeless dude moves into your lobby. You evict the guy.

        Are you kidding? A substantial portion of the LA Times' business is delivered through their web site. Keys handed the login creds of the site's CMS to an elite hacking group - that's not at all similar to allowing a homeless person into the lobby at corporate HQ, where a few dozen visitors come tromping through every day.

        • (Score: 2, Insightful) by Bobs on Sunday October 11 2015, @06:57PM

          by Bobs (1462) on Sunday October 11 2015, @06:57PM (#248132)

          Are you kidding? A substantial portion of the LA Times' business is delivered through their web site. Keys handed the login creds of the site's CMS to an elite hacking group - that's not at all similar to allowing a homeless person into the lobby at corporate HQ, where a few dozen visitors come tromping through every day.

          What if said homeless person set fire to the multimillion dollar office building with people in it? I think it is important to generally punish people for the actual result of their actions, not the theoretically possible results. He allowed a web page to be defaced that was trivial to fix. Not a big deal.

          Certainly there are situations where the risks are so extreme you want to come down hard, but how much exposure was there really using a reporter's login credentials? Any moderately competent system will limit a reporter's login to modify some content/text and not much more. So what was the real threat?

          If you leave your car keys in your car should you be prosecuted for enabling somebody irresponsible to take a joy ride or for the theoretical risk that they could take the car and crash into a freight train pulling oil tankers, destroying a town and killing many?

          Proportionate response is a good thing.

  • (Score: 2) by darkfeline on Sunday October 11 2015, @07:24AM

    by darkfeline (1030) on Sunday October 11 2015, @07:24AM (#248005) Homepage

    So posting passwords is computer hacking now?

    Defacing a website is now $1000000 USD in damages?

    This is petty crime at best. Egging someone's house does more damage.

    --
    Join the SDF Public Access UNIX System today!
  • (Score: 2, Informative) by Anonymous Coward on Sunday October 11 2015, @12:37PM

    by Anonymous Coward on Sunday October 11 2015, @12:37PM (#248034)

    There's no reason for a journalist to get in touch with terrorist/pedophile/communist/drug/hacker/whatever-the-boogyman-is-this-year groups unless he's sympathetic.
    He knows they're evil because we told him so.
    He already knows there is no other side to the story, so why would he look?